MWAN3 Setup Issues

somemorestuff · December 10, 2023, 10:29pm

Hello! Long time OpenWRT user, first time posting (I think!).

Recently I finally upgraded to 23.05 (from 17.xx ) and moved from MWAN to MWAN3. Of course IPV6 works much better now, but I'm having difficulty setting up MWAN3 for consistent results.

2 questions:

Can someone help me figure out why MWAN3 doesn't behave properly when my primary interface (easytether) is ID'd as down? First, I added a little script to the "Notify" tab of MWAN3 that restarts the easytether app when the interface goes down. It works fine, but sometimes MWAN3 doesn't recognize that the interface is back up (for whatever reason). In that instance, the network interfaces will show I have an IP address, but MWAN3 shows "disabled"; almost like it never got the ifup notice? I know the interface is buggy, so I'm happy to fallback to my secondary WAN (a data limited hotspot) in this instance. I think I've set that up; but for whatever reason traffic doesn't always behave properly, sometimes creating a very slow connection or none at all. If I unplug the easytether in this situation the traffic picks up perfectly through the hotspot. Is there something wrong in my configuration? (side question, is there a better script for the notify tab to re-start the interface & notify MWAN3 when it's up? The usbreset avoided this "up but down" problem, but didn't always reconnect afterwards, so I commented that part out. Also, the kill-all didn't seem to work either so I use the more complex version). (NOTE: I use httping for EasyTether b/c merely pinging the gateway is insufficient to know if the phone-side app is down, and regular pings don't traverse the interface. Restarting the router-side app seems to fix the odd case where the phone-side app goes down.)
Is there a way to "bond" the IPV6 to IPV4? My primary WAN does not have IPV6 (easytether), and I'm not smart enough to setup a 6in4 setup (or similar) to pair up with easytether. My secondary WAN (a hotspot) does have IPV6 and usually works fine (but limited data of course). I've observed that MWAN3 seems to treat IPV4 and IPV6 as separate networks even though it's a single interface. For now I've disabled all IPV6 through the Interfaces page by not allowing them to start at boot. I quickly noticed that my PCs were preferring the IPV6 interface on the WWAN over the IPV4 interface on the EasyTether link if both were enabled.

MWAN3 Notify Script

#!/bin/sh
#

if [ "${ACTION}" = "disconnected" ] && [ "${INTERFACE}" = "EasyTether" ]; then
  kill -9 `ps | grep easytether-usb | grep -v grep | cut -d" " -f2`
  #killall easytether-usb
  #local usbid=$(lsusb | grep -v "1d6b" | awk '{print $6}')                                                                                                                                           
  #for id in $usbid; do                                                                                                                                                                                     
   # usbreset $id                                                                                                                                                                                         
  #done   
  sleep 5
  /usr/bin/easytether-usb
fi

Here's my MWAN3 settings pages (note: will create 3 more posts since I'm limited as a new user):

Lastly, I've been a bit busy to setup SSH again (had a shared key & everything), so just disabled for now. If it's simple enough to fix via LUCI that's my plan.

Thanks in advance!

somemorestuff · December 10, 2023, 10:30pm

somemorestuff · December 10, 2023, 10:30pm

somemorestuff · December 10, 2023, 10:31pm

somemorestuff · December 23, 2023, 7:39am

Anyone?

bluewavenet · December 23, 2023, 10:39am

You probably don't want to hear this but:

http ping has not worked with mwan3 since circa OpenWrt 19, at least not for me. I have not looked in detail to see why as to be honest, mwan3 has not been essential for me since then.
mwan3 uses iptables. Openwrt 23.05.x uses nftables by default. Even if you force a compatible* install of iptables-nft and hope for the best, it is most likely you will get all sorts of problems. There are people that have had a modicum of success eventually, but this is just a bit of a messy workaround in my opinion (having extensively experimented with it).

* There is a bug in OpenWrt itself where, if a package has iptables as a dependency, the incompatible iptables-legacy package is installed in error.

somemorestuff · December 23, 2023, 11:08am

Thanks for the insights.

Httping does seem to be working, otherwise I presume the interface would just never be enabled. For you was it always broken or just unreliable?
I suspect this is closer to the real issue. There is clearly some overlap between nftables and what MWAN3 is doing as it works a majority of the time. Is there a better package for WAN fallback / priority? I don't really need load balancing.

*I don't seam to have iptables‐legacy, but I do have iptables-zz-legacy (if those are different). Does that break something in nftables?

bluewavenet · December 23, 2023, 11:19am

Yes httping works, just not with mwan3 for some reason, it just thinks the interface is always up...

Only after OpenWrt 18 if I remember correctly....

i have not looked.

Yes, iptables-zz-legacy is the incorrectly installed version. This will clash with nftables. The command nft list ruleset will give dire warnings if I am not mistaken.

somemorestuff · December 23, 2023, 11:59am

Ok, maybe they fixed httping, bc my experience is the interface goes down when traffic can't get through. My problem is it doesn't seem to route to the fallback properly

I guess I'll have to break out of, or rather into, my shell to try that command. Been avoiding SSH out of sheer laziness

bluewavenet · December 23, 2023, 12:58pm

I don't think there was anything wrong with it, the problem seemed to be in mwan3 somewhere. But maybe my problem with it was hardware related somehow. Like I said, I did not need it any more..

Well yes - routing is done by nftables after all.

Look at luci Status/Firewall. See what it says..

LMAO!!
For anything more than a simple config, an SSH terminal session is essential if you want to know what is actually going on.
Don't be lazy, get stuck in. It might appear daunting if you have never been there, but actually it is very simple. There are many many web sites where you can read about Linux commands and scripts. The OpenWrt specific commands like uci (Unified Configuration Interface) are well documented. This is what Luci is based on, hence the origins of the name.

somemorestuff · December 23, 2023, 7:49pm

Well there's certainly a ton to unpack in there. It seems anytime WAN devices are mentioned all 3 of my WAN devices are in the set even if 2/3 are currently "down". idk how MWAN3 is blocking a lower priority interface, or if it would show there.

Yeah, I've dug in before. Even had a reverse-tunnel w/a shared key for external access at one point. Usually if I don't understand it in LUCI then I understand less at the command line. And when I do get it to work it's super fragile & has to be completely relearned/redone after upgrades/etc. Fun, sure, but time consuming.

You've reminded me of the idea of comparing the routing table in the 3 different states I care about in MWAN3 (both WANs up, USB unplugged, USB plugged but dead). If I remember right MWAN3 uses sub-tables or something weird like that. I don't see anything like a routing table in the Status-Firewall area of LUCI; but perhaps I can use the info shown on Status-MWAN3.

Looks like it'll have to wait until after new years. Getting crowded around here

Happy Holidays!